The Cellular Internet of Things (CIoT) is a new radio technology that is able to provide extended coverage for harsh environments, for example, basements, and is designed to serve massive number of UEs (over 50,000 per base station) using a very limited bandwidth (e.g. 160 bps).
The current assumption in 3GPP standardization is that the security mechanism for CIoT over GSM EDGE Radio Access Network (GERAN) would be based on enhancements of General Packet Radio Service (GPRS) security as introducing integrity protection for the control plane in Gb mode between the CIoT user equipment and the Serving GPRS Support Node (SGSN).
The assumption for CIoT is that the Universal Mobile Telecommunications System (UMTS) Authentication and Key Agreement (AKA) is run at the GPRS Mobility Management and Session Management (GMM/SM) layer creating the keying material, and the integrity protection is done at the Logical Link Control (LLC) layer using the integrity key (IK′) created with the key derivation function from the UMTS AKA session keys.